Search code examples
amazon-web-servicesaws-cloudformationamazon-cloudwatchamazon-cloudwatch-metrics

How do I setup an alarm for CloudFront from CloudWatch in a CloudFormation yaml template?

I want to setup an alarm in case an error occurs on CloudFront from CloudWatch.

In the console, I would directly create an alarm that would send me an email in case the TotalErrorRate is larger than 0. This is working fine.

But now I want to setup the same setting in a yaml template file in CloudFormation. I have trouble figuring out the right values for the corresponding parameters. My file currently looks like this:

  # CloudWatch
  CloudFrontTotalErrorRateAlarm:
    Type: "AWS::CloudWatch::Alarm"
    Properties:
      ActionsEnabled: Boolean
      AlarmActions:
        - String
      AlarmDescription: "Trigers an alarm if there is any error (e.g. 4xx,5xx)"
      AlarmName: "MyApiTotalErrorRate"
      ComparisonOperator: GreaterThanThreshold
      Dimensions:
        - Dimension
      EvaluationPeriods: "1"
      ExtendedStatistic: String
      InsufficientDataActions:
        - String
      MetricName: TotalErrorRate
      Namespace: AWS/CloudFront
      OKActions:
        - String
      Period: 60
      Statistic: String
      Threshold: 0
      TreatMissingData: String
      Unit: String

For some parameters, I could figure out what the actual value could be. But for others I essentially don't know what I should put in so that AWS would send me an email in case an error occurs. The following parameters are missing values:

  • ActionsEnabled
  • AlarmActions
  • Dimensions
  • ExtendedStatistic
  • InsufficientDataActions
  • OKActions
  • Statistic
  • TreatMissingData
  • Unit
Solution

  • First of all you need to create an SNS Topic with your email address as one subscriber:

    EscalationTopic:
  Type: AWS::SNS::Topic

EscalationTopicEmailSubscriber:
    Type: AWS::SNS::Subscription
    Properties:
      Endpoint: [email protected]
      Protocol: email
      TopicArn: !Ref EscalationTopic

    As a second step you need to provide the DistributionId to the CF template (as long as the Distribution is not part of the CF template):

    Parameters:
  DistributionId:
    Type: String

    In the end you have to plug everything together and configure the CloudWatch Alarm in the following way:

    CloudFrontTotalErrorRateAlarm:
  Type: AWS::CloudWatch::Alarm
  Properties:
    Namespace: AWS/CloudFront
    MetricName: TotalErrorRate
    Dimensions:
      - Name: DistributionId
        Value: !Ref DistributionId
    Statistic: Sum
    Period: 60
    EvaluationPeriods: 1
    ComparisonOperator: GreaterThanOrEqualToThreshold
    Threshold: 1
    AlarmActions:
      - !Ref EscalationTopic

    The "final" CF template could look like this:

    AWSTemplateFormatVersion: 2010-09-09
Parameters:
  DistributionId:
    Type: String
Resources:
  EscalationTopic:
    Type: AWS::SNS::Topic

  EscalationTopicEmailSubscriber:
      Type: AWS::SNS::Subscription
      Properties:
        Endpoint: [email protected]
        Protocol: email
        TopicArn: !Ref EscalationTopic

  CloudFrontTotalErrorRateAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      Namespace: AWS/CloudFront
      MetricName: TotalErrorRate
      Dimensions:
        - Name: DistributionId
          Value: !Ref DistributionId
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      Threshold: 1
      AlarmActions:
        - !Ref EscalationTopic